The French television network TV5 Monde is attacked by hackers on April 8, 2015. A group claiming to be linked to ISIS (also known as the Islamic State) and calling itself “Cyber Caliphate” shuts down the network’s TV channels for several hours. The group also posts pro-ISIS propaganda on the station’s website.

However, on June 9, 2015, it is reported by the BBC and elsewhere that French police have decided that attack was actually done by hackers based in Russia. The “Cyber Caliphate” claim was a false front to deflect blame. Police are said to be focusing their investigation on the Russian hacking group known as Fancy Bear or APT 28. French media reports that the group has also targeted the computer systems of Russian dissidents, Ukrainian activists, and others. (BBC, 6/9/2015) (France24, 6/10/2015)

In July 2016, the Washington Post will report that French authorities believe the Glavnoje Razvedyvatel’noje Upravlenije (GRU) was behind the cyberattack. This is one of two Russian military intelligence agencies that will be accused of hacking the Democratic National Committee (DNC) in 2015 and 2016. The GRU has been linked to the Fancy Bear or APT 28 hacking group. The Post will also claim that some analysts believe the attack was Russian retaliation against France for backing out of an agreement to sell helicopter carriers to Russia because of Russian aggression in Ukraine. (The Washington Post, 7/24/2016)

The Democratic National Committee goals and strategy (Credit: The Democratic National Committee)

In June 2016, it will be revealed that hackers broke into the computer network of the Democratic National Committee (DNC), and someone nicknamed “Guccifer 2.0” will post documents that appear to come from the network. One such file is dated from May 26, 2015. It contains advice on how Clinton can win the presidency, even though the Democratic presidential primary campaign has just begun and the DNC is supposed to be neutral until one Democratic candidate wins the nomination.

A portion of the file states: “Reporter Outreach: Working through the DNC and others, we should use background briefings, prep with reporters for interviews with GOP candidates, off-the-record conversations and oppo pitches to help pitch stories with no fingerprints and utilize reporters to drive a message.” The same document also advises: “Use specific hits to muddy the waters around ethics, transparency, and campaign finance attacks on HRC [Hillary Rodham Clinton].”

The document specifies it is addressed to the DNC, but is not clear who exactly wrote the file. (Inquisitr, 6/15/2016)

In June 2016, it will be reported that the computer network of the DNC [Democratic National Committee] was compromised for about a year. Around May 2016, the security company CrowdStrike is hired by the DNC to investigate and stop the hacking attack. According to CrowdStrike, there actually are two different groups that successfully break into the network, both of them linked to the Russian government.

The first group is said to be known by the nickname Cozy Bear. In 2015, it allegedly successfully infiltrated the unclassified networks of the White House, State Department, US Joint Chiefs of Staff, and others. This group gets into the DNC’s network in the summer of 2015 and is not stopped until May 2016.

The second group is said to be known by the nickname Fancy Bear, and it also has had many other successful attacks. It gets into the network in April 2016 and also is stopped in May 2016.

On June 15, 2016, someone going by the nickname “Guccifer 2.0” posts DNC files on the Internet. This person claims to have no connection to the Russian government, but also claims to have accessed the DNC network for “almost a year,” which is similar to what CrowdStrike says about Cozy Bear. (CrowdStrike.com, 6/15/2016) (The Washington Post, 6/15/2016)

According to a June 17, 2016Bloomberg News article, during this time period, the same allegedly Russian hackers who breach the computers of the DNC [Democratic National Committee] and Clinton’s presidential campaign “[burrow] much further into the US political system, sweeping in law firms, lobbyists, consultants, foundations, and the policy groups known as think tanks, according to a person familiar with investigations of the attacks.” Almost 4,000 Google accounts are targeted by “spear phishing,” which involves tricking targets to give log-in information so their data can be accessed. The Center for American Progress, a think tank with ties to Clinton and the Obama administration, is one known target.

Bloomberg News will further report that, “Based on data now being analyzed, various security researchers believe the campaign stems from hackers linked to Russian intelligence services and has been broadly successful, extracting reams of reports, policy papers, correspondence and other information.”

The Russian government denies any involvement, but cybersecurity experts who have investigated the attacks believe the hackers are working for Russia. It is believed that either or both of two major Russian hacking groups, Fancy Bear (or APT 28) and Cozy Bear (or APT 29) are behind the attacks. (Bloomberg News, 6/17/2016)

The Republican-dominated committee is supposed to be focused on the US government’s response to the 2012 terrorist attack in Benghazi, Libya, but they are changing their approach because they are being accused on overreach on the only sometimes related email issue in an attempt to politically damage Clinton. For instance, the committee had been planning to interview lawyer Heather Samuelson, who helped sort and delete Clinton’s emails, but now they change their mind.

Politico reports that Clinton’s public testimony before the committee the day before “was widely seen as a success for Clinton, while Republicans failed to strike any decisive blows. Meanwhile, Democrats amped up their claims that the entire investigation was a partisan witch hunt.” (Politico, 10/23/2015)

According to a July 2016 Yahoo News article, the FBI contacts the DNC in late 2015 and tells their IT (information technology) staffers that there has been a hacking attack on the DNC’s computer network. The FBI provides no details, such as who the hackers might be.

It will later be discovered that a hacker broke into the DNC network in the summer of 2015. Despite the FBI warning, the hacker won’t be ejected from the network until around June 2016. (Yahoo News, 7/29/2016)

The Clinton campaign logo superimposed over the FBI logo. (Credit: public domain)

This is according to what two unnamed “sources who have been briefed on the matter” will tell Yahoo News in July 2016. FBI officials privately meet with senior Clinton campaign officials and express concern that hackers are using “spear phishing” techniques to access the campaign’s computers. They ask the campaign to turn over internal computer logs and the personal email addresses of top campaign staffers to help the FBI’s investigation. But the campaign declines to do so after deciding the request for personal data is too broad and intrusive. The FBI doesn’t give any mention as to who the hackers might be.

One month later, the campaign will learn on its own that its computers have been hacked and they will use a private cybersecurity company to combat the hackers.

Yahoo News will comment that the FBI’s “warning also could raise new questions about why the campaign and the DNC didn’t take the matter more seriously.”

At the time, the FBI has an active investigation into Clinton’s email usage while she was secretary of state, and Clinton’s campaign isn’t sure how extensive that inquiry is. There have been media reports that the investigation extended into unethical practices at the Clinton Foundation, which could theoretically include interest in more recent communications.

Yahoo News will report that, according to an unnamed internal source, “Campaign officials had reason to fear that any production of campaign computer logs and personal email accounts could be used to further such a probe.” But the FBI insists that its request for data to combat the hacking has no connection to any other investigation, and since there is no subpoena forcing the issue, the Clinton campaign turns down the request. (Yahoo News, 7/29/2016)

The hacker or hacking group is known by the nickname Fancy Bear, and is alleged to be working for the Russian government. Fancy Bear gets into the DNC network in April 2016, which makes it separate from the efforts of Cozy Bear (alleged also to be linked to Russia) or Guccifer 2.0 (alleged to be a “lone hacker”) which in either case got into the network for about a year. Fancy Bear’s attack on Clinton’s staffers is said to start in March 2016, according to the security firm SecureWorks. Targets include Clinton’s communications and travel organizers, speechwriters, policy advisers, and campaign finance managers.

The hackers use the “spear phishing” technique of sending an email from a seemingly trusted source in order to get the target to click on a link. In this case, the links are shortened by an Internet service known as Bitly to make it hard to notice that they’re bogus. They take the target to a fake Google login page, since most or all of Clinton’s staffers use Gmail. Once the target gives their user name and password, the hacker can log into the real account and access all the data. The hackers create 213 links targeting 108 hillaryclinton.com addresses. Twenty of those are clicked, raising the possibility that some accounts are successfully breached. (Forbes, 6/16/2016)

Brazile writes an email to Clinton’s campaign Communications Director Jennifer Palmieri. It is CCed to Clinton campaign chair John Podesta. Podesta’s email account will later be hacked, resulting in the release of the email by WikiLeaks on October 11, 2016. Brazile is also a CNN and ABC contributor at the time. In July 2016, she will be promoted to the interim head of the Democratic National Committee (DNC).

Brazile tells Palmieri, “From time to time I get the questions in advance. Here’s one that worries me about HRC.” Brazile then includes a question that will be asked at a town hall (a format similar to a debate) between Clinton and her main primary opponent Bernie Sanders, scheduled to occur the following day, on March 13, 2016.CNN anchor Jake Tapper and TV One host Roland Martin are to co-moderate the event.

Jennifer Palmieri (Credit: Gerry Broome / The Associated Press)

Brazile’s question reads: “DEATH PENALTY 19 states and the District of Columbia have banned the death penalty. 31 states, including Ohio, still have the death penalty. According to the National Coalition to Abolish the Death Penalty, since 1973, 156 people have been on death row and later set free. Since 1976, 1,414 people have been executed in the U.S. That’s 11% of Americans who were sentenced to die, but later exonerated and freed. Should Ohio and the 30 other states join the current list and abolish the death penalty?”

Palmieri responds in the email, “Hi. Yes, it is one she gets asked about. Not everyone likes her answer but can share it.” (Wikileaks, 10/11/2016)

Roland Martin (Credit: public domain)

On October 12, 2016, the day after WikiLeaks releases the email, Politico will write about the similarities between the question Brazile wrote and the actual question Roland Martin asked at the town hall. According to the CNN transcript, Martin asked, “Secretary Clinton, since 1976, we have executed 1,414 people in this country. Since 1973, 156 who were convicted have been exonerated from the death row. This gentleman here is one of them. This is Ricky Jackson, wrongfully convicted of murder in 1975, he spent 39 years in prison. He is undecided. Ricky, what is your question?”

Politico will write that Martin initially said in an interview that he did not “share my questions with anybody. Literally. My executive producer wasn’t even aware of what I was going to ask.” In a follow up interview, Martin will say that he did send his questions to CNN via his producer and his TV One team. In a third follow up email, Martin will say he did not believe had had consulted with Brazile ahead of the town hall.

Brazile will deny that she notified the Clinton campaign of the proposed question, despite the clear evidence of the leaked email. “As a longtime political activist with deep ties to our party, I supported all of our candidates for president. I often shared my thoughts with each and every campaign, and any suggestions that indicate otherwise are simply untrue. As it pertains to the CNN Debates, I never had access to questions and would never have shared them with the candidates if I did.” (Politico, 10/11/2016)

Jake Tapper (Credit: public domain)

Two days after the leak, CNN anchor Jake Tapper will blast Brazile and TV One host Roland Martin for their apparent involvement in leaking the Democratic town hall question to the Clinton campaign: “It’s very, very troubling… whatever took place here, and I know that I had nothing to do with it, and I know that CNN, we were so closely guarding our documents, you couldn’t even, they weren’t ever emailed around. … We wanted to put her in a tough situation. You [Clinton] support the death penalty and here’s somebody who was almost killed by the death penalty, what’s your reaction to him?… To find out that somebody was unethically helping the Clinton campaign and tipping them off, is just very, very upsetting.” (WMAL, 11/13/2016)

On June 14, 2016, McClatchy Newspapers will report that a hacking attack on the DNC [Democratic National Committee] is discovered “in late April 2016, after staffers noticed unusual activity on the DNC’s computer network.” (McClatchy Newspapers, 6/14/2016)

On June 21, 2016, Bloomberg News will report, “The Clinton campaign was aware as early as April that it had been targeted by hackers with links to the Russian government on at least four recent occasions, according to a person familiar with the campaign’s computer security.” (Bloomberg News, 6/21/2016)

On July 25, 2016, the Washington Post will report that the FBI warns the “Clinton campaign and dozens of lawmakers” that they are being targeted by hackers. Later reporting by Yahoo News will indicate that the Clinton campaign is first warned by the FBI in March 2016. The timing of the warning to lawmakers is less clear, except that the Post mentions it takes place “weeks before” a media report on June 14, 2016 that hackers had broken into the Democratic National Committee (DNC) computer network.

It still has not been proven that hack on the lawmakers have been successful. However, former Senate majority leader Tom Daschle (D) has told the Post that his email account was hacked recently. But he hasn’t been given any indication if law enforcement is investigating or who the hacker might be. (The Washington Post, 7/25/2016)

Alexandra Chalupa, a consultant for the Democratic National Committee (DNC), has been working for several weeks on an opposition research file about Paul Manafort, the campaign manager of Republican presidential nominee Donald Trump. Manafort has a long history of advising politicians around the world, including controversial dictators. Logging into her Yahoo email account, she gets a warning entitled “Important action required” from a Yahoo cybersecurity team. The warning adds, “We strongly suspect that your account has been the target of state-sponsored actors.”

Paul Manafort (Credit: Linked In)

Paul Manafort was a key adviser to Ukrainian President Viktor Yanukovych from 2004 until 2010. Yanukovych is a controversial figure frequently accused of widespread corruption and was overthrown after a massive series of protests in February 2014, and has since been living in Russia, protected by the Russian government. Chalupa had been drafting memos and writing emails about Manafort’s link to pro-Russian Ukrainian leaders such as Yanukovych when she got the warning. She had been in contact with investigative journalists in Ukraine who had been giving her information about Manafort’s ties there.

Chalupa immediately alerts top DNC officials. But more warnings from Yahoo’s security team follows. On May 3, 2016, she writes in an email to DNC communications director Luis Miranda, “Since I started digging into Manafort, these messages have been a daily occurrence on my Yahoo account despite changing my password often.”

In July 2016, she will tell Yahoo News, “I was freaked out,” and “This is really scary.” Her email message to Miranda will later be one of 20,000 emails released by WikiLeaks on July 22, 2016, showing that there was good reason to be concerned about hacking attempts.

Chalupa’s email to Miranda, results in concern amongst top level DNC officials. One unnamed insider will later say. “That’s when we knew it was the Russians,” since Russia would be very interested in Chalupa’s research and other countries like China would not. This source also says that as a precaution, “we told her to stop her research.”

Yahoo will later confirm that it did send numerous warnings to Chalupa, and one Yahoo security official will say, “Rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence.” (Yahoo News, 7/25/2016)

Clapper publicly comments, “We’ve already had some indications” of hacking on the computer networks of the two frontrunners in the presidential race. He warns, “We’ll probably have more.” He suggests the hackers could be working for foreign governments.

V. Miller Newton, who advises federal agencies on data security, says foreign spying on campaign sites is inevitable. “These campaigns are not working on encrypted platforms. It’s a matter of when, and how serious of an impact it is going to have on this election.” (The Associated Press, 5/18/2016)

It will later emerge that a hacking attack on the DNC [Democratic National Committee] was already discovered, in late April 2016, after staffers noticed unusual activity on the DNC’s computer network. (McClatchy Newspapers, 6/14/2016)

In an interview, Bernie Sanders is asked his opinion of a hypothetical situation in which the FBI recommends Clinton’s indictment and then Clinton’s delegates switch their support to Vice President Joe Biden or some other person who didn’t run in the primaries.

Sanders replies, “I think that would be a terrible, terrible idea. […] That would say to the millions of people who have supported us, that have worked with us, that would say all of your energy, all of your votes, all of your beliefs are irrelevant. We’re going to bring in someone else. I happen to like Joe a lot, but I think that would be a very, very serious blunder for the Democratic Party.” (The Hill, 5/28/2016)

A June 21, 2016Bloomberg News article claims the warnings came before the hack on the DNC [Democratic National Committee] was made public on June 14, 2016. However, it’s unclear when the warnings happened exactly. This is according to one unnamed “person familiar with the government investigation into the attacks.”

But the Trump campaign won’t respond to questions about the warnings, and Sanders spokesperson Michael Briggs says he isn’t aware of the warnings.

Bloomberg News will comment, “Information about the scope of the attacks and the government warnings raises new questions about how long the campaigns have known about the threats and whether they have done enough to protect their systems.” (Bloomberg New, 6/21/2016)

It has been reported that the Clinton campaign and related organizations have been attacked by hackers, but there have been no confirmed attacks on the Trump or Sanders campaigns. (Bloomberg News, 6/17/2016)

Democratic National Committee headquarters in Washington, DC. (Credit: public domain)

The Washington Post reports that the emails, text messages, and other computer files of The DNC [Democratic National Committee] were accessed by two groups allegedly linked to Russia. Opposition research on Republican presidential candidate Donald Trump was stolen.

One group known as Cozy Bear broke into the DNC’s network a year ago and maintained access without getting caught. The other group known as Fancy Bear, apparently working independently, did so much more recently. These same hackers also probed the networks of both the Trump and Clinton campaigns, as well as some Republican political action committees, but it is unknown if those attacks succeeded.

The first hacking group typically uses “spear phishing” to gain access. This is when an email appears to come from a someone the recipient knows but actually is meant to trick that person into activating embedded malicious code by clicking on an attachment or link. (Wired, 6/14/2016) (The Washington Post, 6/14/2016)

Forbes comments that the “Holy Grail of Russian intelligence is uncovering compromising material that can be used to embarrass, manipulate, or blackmail foreign political leaders.” Furthermore, “If the DNC’s cyber secrets are open to Russian intelligence hackers, the odds are overwhelming that they have Clinton’s private emails as well, especially given that Clinton’s private server was a target of the highest value.” This means Clinton could be blackmailed or otherwise manipulated by Russia as well. Forbes also notes how both cases involved spear phishing. (Forbes, 6/14/2016)

In an interview, Clinton is asked about a news report from earlier in the day that hackers allegedly linked to the Russian government breached the computer network of the DNC [Democratic National Committee]. She is asked the general question, “What can you tell us about that incident? How worrisome is it?”

She replies, “I only learned about it when it was made public. And it is troubling, just as all cyber-attacks against our businesses and our institutions, our government are. The Russians—and according to the reporting—who did this hacking were most likely in the employment of the Russian government.”

She also comments without being prompted, “So far as we know, my campaign has not been hacked into and we’re obviously looking hard at that.” (The Hill, 6/14/2016)

But two days later, Forbes reports that a security company hired by the Clinton campaign has determined many of her campaign staffers have been targeted by hackers in recent months, and there are indications some of their email accounts could have been breached. (Forbes, 6/16/2016)

One day after the Washington Post reported that alleged Russian hackers broke into the DNC’s [Democratic National Committee] computer network, a man using the nickname “Guccifer 2.0” creates a new website on the Internet showing that person got the DNC files. Guccifer 2.0 likely has no connection to Guccifer, who is now in a US prison, but seems inspired to take the name due to Guccifer’s earlier hacking notoriety.

He posts a 200-page opposition research file on Republican presumptive presidential nominee Donald Trump dating from December 2015, as well as other computer files from the DNC. The files include a sample of donor information, contradicting the DNC’s claim from the day before that no financial information had been stolen.

Guccifer 2.0 also claims to have given “thousands of files and mails” to WikiLeaks. This comes several days after WikiLeaks head Julian Assange promised to post more of Clinton’s emails soon. The security firm CrowdStrike was hired to investigate the DNC hack, and they claimed to be confident that it was a sophisticated operation done by two hacking groups with ties to the Russian government.

However, Guccifer 2.0 claims to be working independently, and says of CrowdStrike, “I’m very pleased the company appreciated my skills so highly. But in fact, it was easy, very easy.”

However, CrowdStrike stands by their original claim and suggests the new website could be “part of a Russian intelligence disinformation campaign.” (Wired, 6/15/2016) (Vice News, 6/15/2016)

NBC News reports that “several Democratic sources familiar with the party’s opposition research efforts said they believed opposition research book to be authentic. It also includes links to data stored on internal DNC servers, which would not accessible to people outside the committee.” (NBC News, 6/15/2016)

SecureWorks is a cybersecurity company that apparently has been hired to investigate recent leaks targeting US government officials, departments, and related entities. Focusing on the hacking group known as Fancy Bear (or APT 28), they conclude with “moderate confidence that the group is operating from the Russian Federation and is gathering intelligence on behalf of the Russian government.” They also conclude that the group targeted Clinton’s presidential campaign and the DNC [Democratic National Committee].

However, SecureWorks have not observed Fancy Bear “[target] the US Republican party or the other US presidential candidates whose campaigns were active between mid-March and mid-May [2016]: Donald Trump, Bernie Sanders, Ted Cruz, Marco Rubio, and John Kasich.” But they point out the other campaigns could have been targeted by other means not noticed by them. (SecureWorks, 6/16/2016)

Copy of the metadata and the nickname for Felix Dzerzhinsky, written in the Cyrillic alphabet. (Credit: Ars Technica)

On June 15, 2016, someone going by the name “Guccifer 2.0” claimed to be the “lone hacker” behind the breach of the DNC [Democratic National Committee] computer network reported in the media the day before.

However, various clues support the assertion by security experts hired by the DNC that the hacking effort is connected to the Russian government or at least originates from Russia:

The metadata of one file sent by Guccifer 2.0 to Gawker contains metadata indicating the last person to change the file used the nickname for Felix Dzerzhinsky (Феликс Эдмундович), a long-dead Russian statesman best known for founding the Soviet secret police.

The nickname is written in the Cyrillic alphabet, which means Guccifer 2.0’s computer was configured to use the Russian language and was connected to a Russian-language keyboard.

Another file contains some broken web links. The error message is also written in Russian, using the Cyrillic alphabet.

A blog post written by Guccifer 2.0 uses “)))” to indicate a smiley face. This is common in Eastern Europe and Russia but very uncommon elsewhere, due to differences with the Russian-language keyboard. (Ars Technica, 6/16/2016)

Other metadata indicates the person who saved the files used a cracked version of Office 2007, which is popular in Russia.

Vice News reports that Guccifer 2.0 had no online history prior to June 15, and “multiple security sources said they’d never heard of nor seen anyone by that alias” before that date. (Vice News, 6/16/2016)

Dave Aitel, CEO of Immunity Security, comments, “You don’t have the FBI or DHS [Department of Homeland Security] coming out and saying: ‘Hey we don’t think it’s Russia.’ If it is Russia, a nation state, it’s a pretty big deal. Otherwise the FBI would say: ‘We’re conducting an investigation.’ But they’re not saying that.”

Ars Technica comments, “Of course, it’s still possible that the Russian fingerprints were left intentionally by someone who has no connection to Russia, or by a Russian-speaking person with no connection to the Russian government, or any number of other scenarios.” (Ars Technica, 6/16/2016)

Time Magazine notes that although CrowdStrike, the cybersecurity firm hired by the DNC [Democratic National Committee] to stop the hacking of their computer network, claims the Russian government is behind the attacks, other security experts are skeptical. Someone calling themselves “Guccifer 2.0” has posted some files that appear to come from the DNC hack, and that person claims to be a “lone hacker.”

CrowdStrike asserts this is just an effort to sow confusion about Russian involvement, but some experts doubt that as well.

Nathaniel Gleicher, the former director for cybersecurity policy on the NSC [National Security Council], says, “Attribution is incredibly difficult—I wouldn’t say impossible, but it’s very difficult.”

Reg Harnish, the CEO of the cybersecurity company GreyCastle Security, says the final answer may still be unknown, with political intrigues complicating the picture. “I’ve been personally involved in hundreds of these investigations, and you just don’t end up in the same place where you began. […] I think there’s a lot of misinformation out there right now.”

Scott Borg, the head of the US Cyber Consequences Unit, echoed the skepticism. “Our best guess is that the second (and apparently less skillful) of the two intruders was not Russian intelligence. We are also uncertain about the first group.”

A sample of the data released by Guccifer 2.0, revealing personal information of DNC donors. (Credit: Guccifer 2.0)

Two days after emerging to post some DNC [Democratic National Committee] documents on the Internet, the hacker known by the nickname Guccifer 2.0 publishes some more.

This person comments on their new website, “It appears there are a lot of financial reports, donors lists, and their detailed personal information, including e-mail addresses and private cell phone numbers…I got tons of files and docs.” This person also promises to post more soon.

Business Insider notes: “The Washington Post’s initial report stated that the hacker’s avoidance of donor information indicates that the breach was likely the work of ‘traditional espionage,’ but the new information posted by Guccifer 2.0, if legitimate, seems to discredit that line of thinking.”

The DNC has not confirmed that the documents are genuine, but has not denied it either. It is unknown who Guccifer 2.0 is, but security experts hired by the DNC assert the Russian government is behind the leaks. (Business Insider, 6/18/2016)

The companies are Fidelis Cybersecurity and Mandiant. They base their analysis on five malware samples used in the hacking attack. Fidelis executive Michael Buratowski says, “Based on our comparative analysis, we agree with CrowdStrike and believe that the Cozy Bear and Fancy Bear…groups were involved in successful intrusions at the DNC [Democratic National Committee] . […] The malware samples matched the description, form and function that was described in the CrowdStrike blog post. In addition, they were similar and at times identical to malware that other [research firms] have associated to these actor sets.”

However, the Washington Post reports, “It is also possible, researchers said, that someone else besides the Russians were inside the DNC’s network and had access to the same documents.” (The Washington Post, 6/20/2016)

A law firm reviewing the DNC attack, Baker & McKenzie, has begun working with three cybersecurity companies to review CrowdStrike’s findings. Fidelis Cybersecurity is one of them, along with FireEye and Palo Alto Networks, Inc. (Bloomberg News, 6/21/2016) (Fidelis Cybersecurity, 6/20/2016)

Bloomberg News reports this is according to three unnamed “people familiar with the matter.” Clinton Foundation officials say they haven’t been notified of the attack and refuse to say more. The breach was discovered as recently as one week earlier.

The attack appears to be part of a larger sweep of attacks that has targeted at least 4,000 email accounts of people connected to US politics since about October 2015. Many of the targets appear to be linked to Clinton.

Bloomberg News comments, “The thefts set the stage for what could be a Washington remake of the public shaming that shook Sony in 2014, when thousands of inflammatory internal emails filled with gossip about world leaders and Hollywood stars were made public.”

Someone going by the nickname “Guccifer 2.0” has been releasing documents from a hack on the DNC [Democratic National Committee] but it is unknown if this person is linked to the foundation attack. (Bloomberg News, 6/21/2016)

This is the third release by Guccifer 2.0 of files from the DNC [Democratic National Committee] in a week. Guccifer 2.0 claims on his website, “It’s a big folder of docs devoted to Hillary Clinton that I found on the DNC server.” The files are compilations of news reports and other publicly available documents on existing or likely Democratic candidates from around April 2015, and the vast majority of the files contain information from that time or earlier. Nearly all the files are about Clinton, noting stories that could hurt her and often countering them with pro-Clinton talking points.

The DNC has neither confirmed nor denied that Guccifer 2.0 files come from the DNC breach, but Mother Jones notes that the “new trove of documents [were] apparently pilfered from the [DNC].” (Mother Jones, 6/21/2016)

Bloomberg News reports, “If the Democrats can show the hidden hand of Russian intelligence agencies, they believe that voter outrage will probably outweigh any embarrassing revelations, a person familiar with the party’s thinking said.”

In the same article, Clinton spokesperson Glen Caplin refuses to comment on details about recent hacking attacks or confirm if any of Clinton’s campaign staff got successfully hacked. However, Caplin does say, “What appears evident is that the Russian groups responsible for the DNC hack are intent on attempting to influence the outcome of this election.”

The DNC [Democratic National Committee] similarly won’t comment on details or confirm reports of successful attacks. However, the DNC issues a written statement that it believes recent leaks by Guccifer 2.0 are “part of a disinformation campaign by the Russians.”

Starting June 15, 2015, someone using the nickname “Guccifer 2.0” created a website and started posting files that appear to come from a recent hack of the DNC [Democratic National Committee] computer network. He claims to be a “lone hacker” while some have suggested that he is a front for the Russian government.

For the first time, he is interviewed, by Vice News, through Twitter, so his appearance and location remain unknown. He says he is from Romania, just like the original hacker nicknamed Guccifer, who is now in a US prison. However, Vice News asks him to answer a question in Romanian and he declines to do so. He does make a few comments in Romanian, but they have numerous errors. He says he deliberately left Russian metadata in the leaked documents as his personal “watermark.” Yet he claims, “I don’t like Russians and their foreign policy. I hate being attributed to Russia.”

He says he first breached the DNC network in the summer of 2015. “Then I installed my Trojans on several PCs. I had to go from one PC to another every week so CrowdStrike couldn’t catch me for a long time. I know that they have cool intrusion detection system. But my heuristic algorithms are better.” He claims he finally got kicked out of the network on June 12, 2016, when the DNC “rebooted their system.”

He says he has had other successful hacking attacks, but he refuses to name the targets because “my safety depends on it.” He says he doesn’t care about Donald Trump but targeted the DNC to emulate the work of the original Guccifer. (Vice News, 6/21/2016)

The meeting takes place only one day before WikiLeaks publicly releases almost 20,000 Democratic National Committee (DNC) emails. However, when the Washington Post reports on this meeting a few days later, it will give no indication if US intelligence knew of the leak in advance and thus discussed that in the meeting or not. According to the Post, “Officials from various intelligence and defense agencies, including the National Security Council, the Department of Defense, the FBI, and the Department of Homeland Security, attended the White House meeting…” (The Washington Post, 7/24/2016)

In announcing the release, WikiLeaks mentions this is “part one of our new Hillary Leaks series.” (WikiLeaks, 7/22/2016)

Julian Assange, head of WikiLeaks, mentioned in a June 2016 interview that other coming releases will relate to the Clinton Foundation and to Clinton’s emails (although it’s not clear how many there are or where and when they are from). It also was reported in June 2016 that the DNC computer network had been recently hacked, along with other political entities, such as the Clinton campaign. It also was suspected that the Russian government was behind the DNC hack. However, a previously unknown hacker named Guccifer 2.0 emerged and claimed to be behind the hack, and also claimed to have no ties to Russia. He furthermore claimed to have given thousands of documents to WikiLeaks.

WikiLeaks has a policy of never revealing the sources of their leaked material, and has maintained that policy for this release.

Shortly after WikiLeaks publishes almost 20,000 emails from the Democratic National Committee (DNC), the hacker known as Guccifer 2.0 takes credit. His website is not updated, but he writes at his Twitter account: “@wikileaks published #DNCHack docs I’d given them!!!” (Twitter, 6/22/2016)

He has previously posted many DNC files on his own website, starting on June 15, 2016. And on that same day, he claimed that he had given “thousands of files and mails” to WikiLeaks.

On July 24, 2016, Mook says, “What’s disturbing about this entire situation is that experts are telling us that Russian state actors broke into the DNC [Democratic National Committee], took all those emails, and are now leaking them out through these websites,” such as WikiLeaks. “It’s troubling that some experts are telling us this was done by the Russians for the purpose of helping [Republican presidential nominee] Donald Trump.”

Mook also apologizes for the content of some emails, which show the DNC had a bias in favor of Clinton and against Senator Bernie Sanders, despite DNC rules that it should be neutral in the Democratic primaries. (The Hill, 7/24/2016)

Two days later, Mook makes similar accusations about Russia. He also says, “I think the timing around our convention was not a coincidence.” WikiLeaks released 20,000 DNC emails on June 22, 2016, just three days before the start of the Democratic National Convention. (The Hill, 7/26/2016)

Michael Vickers, who was undersecretary of defense for intelligence from 2011 to 2015, says that if the Russian government is behind the recent leak of Democratic National Committee (DNC) emails by WikiLeaks, it would be unprecedented for the US. “What is really new here is the attempt to influence the politics of the United States. That is the problem.”

However, he also points out that there is evidence the Russians have attempted to influence elections in European countries close to their border. For instance, in 2004, a Russian hacker group calling itself Cyber Berkut claimed it hacked and disabled the electronic vote-counting system of the Ukraine central election commission three days before the presidential election. However, analysts believe the hack was actually done by the Glavnoje Razvedyvatel’noje Upravlenije (GRU), one of two Russian military intelligence agencies accused of recently hacking the DNC. These analysts claim the GRU created Cyber Berkut as a false front to deflect responsibility. (The Washington Post, 7/24/2016)

Wasserman Schultz announces her resignation as chair of the Democratic National Committee on Sunday, July 24, 2016. (Credit: CNN)

Just one day before the Democratic National Convention, Representative Debbie Wasserman Schultz (D) announces she is resigning from her position as the chair of the DNC. This comes in response to WikiLeaks releasing 20,000 leaked emails from a recent hack of the DNC. The New York Times says that the emails “showed party officials conspiring to sabotage the [presidential] campaign of Senator Bernie Sanders of Vermont.”

Earlier in the day, Sanders called the situation an “outrage” and called for Wasserman Schultz to step down. She announced her resignation after a private meeting with Clinton’s senior aides. The Times comments that even prior to the email leak, “Ms. Wasserman Schultz has faced a flurry of negative stories during her five-year tenure as the committee’s chairwoman… but she had resisted calls for her to quit.”

The Times also reports: “The breach of the Democratic committee’s emails… offered undeniable evidence of what Mr. Sanders’s supporters had complained about for much of the senator’s contentious primary contest with Mrs. Clinton: that the party was effectively an arm of Mrs. Clinton’s campaign.”

Donna Brazile, vice chair of the Democratic National Committee (DNC), replaces Wasserman Schultz as interim chair through the end of the November 2016 election. (The New York Times, 7/24/2016)

Sample of DNC spreadsheet released by Wikileaks, titled “Boards and Commissions” listing generous DNC donors who are being considered for appointments to various Boards and Commissions. Donor email addresses and phone numbers were blacked out by thompsontimeline. (Credit: Wikileaks)

Yahoo News reports about the series of hacking attacks targeting the Democratic National Committee (DNC), Clinton campaign, and other US political targets starting in the summer of 2015 and continuing until at least June 2016. “Two sources familiar with the [DNC] breach said that the hackers’ reach was far more widespread than initially thought and includes personal data about big party contributors and internal ‘vetting’ evaluations that include embarrassing comments about their business dealings (as well as gossipy internal emails about the private affairs of DNC staffers). … Party officials are bracing for more damaging document dumps after Labor Day [September 7, 2016]. ‘They’re having to do serious damage control with the donors right now,’ said a party official familiar with the matter.”

Additionally, Yahoo News mentions, “There are also signs that the hackers have penetrated the personal email of some Clinton campaign staffers — at least those who were in communication with senior DNC staff members.” (Yahoo News, 7/25/2016)

Daley says, “I don’t think anybody would be surprised if [Russian President Vladimir] Putin would try to affect the election. That’s like the old ‘Casablanca’ — there’s gambling in the casino. It doesn’t surprise me at all. Period. I think anybody who dismisses that is living in fairy land here.”

He also calls the possibility that the Russian government was behind the hack of Democratic National Committee (DNC) emails “pretty frightening.”

Hayden says that if the Russian government is behind the recent leaks of Democratic National Committee (DNC) emails by WikiLeaks, this would mean “they’re clearly taking their game to another level. It would be weaponizing information. You don’t want a foreign power affecting your election. We have laws against that.”

Hayden was appointed head of the NSA by President Bill Clinton and then he was later appointed head of the CIA by President George W. Bush. (The Washington Post, 7/25/2016)

In an interview with NBC News, Wikileaks leader Julian Assange won’t say who gave WikiLeaks the Democratic National Committee (DNC) emails they have recently made public, as the group has a policy to never reveal their sources.

However, Assange discourages the widespread speculation that the emails come from hackers linked to the Russian government. Assange suggests that the DNC’s security was so weak that it could have been hacked by multiple groups. He also insists, “The emails that we have released are different sets of documents to the documents of those [that] people have analyzed.”

A hacker or hacking group going by the name of Guccifer 2.0 claims to have given the emails to WikiLeaks, but WikiLeaks has not confirmed this.

A WikiLeaks representative also comments, “Our publication of leaked DNC emails and the many DNC hacks over the last two years are separate incidents and should not be conflated.” (The Daily Beast, 7/26/2016)

On July 26, 2016, Russian Foreign Minister Sergey Lavrov strongly dismisses suggestions that the Russian government could have been behind the hacks that led to the public release of 20,000 Democratic National Committee (DNC) emails. He says, “I don’t want to use four-letter words.” (The New York Times, 7/26/2016)

Two days later, Russian government spokesperson Dmitry Peskov says accusations of Russian involvement in the hacking of the emails border on “total stupidity” and are motivated by anti-Russian sentiment. “As regards these [email] batches, that is not our headache. We never poke our noses into others’ affairs and we really don’t like it when people try to poke their nose into ours. … The Americans need to get to the bottom of what these emails are themselves and find out what it’s all about.”

Peskov also says Russia won’t change what he claims has been a neutral stance on the US 2016 presidential election. “We know perfectly well that candidates in the heat of a preelection struggle say one thing, but that later, when under the weight of responsibility, their rhetoric becomes more balanced.”

Some US analysts claim that the Russian media, which is heavily influenced by the Russian government, has shown a clear tilt in favor of Trump. (Reuters, 7/28/2016)

Assange is vague on details about future releases. He is asked by CNN about reports that the Russian government might be behind the recent hack of the Democratic National Committee (DNC) computer network. WikiLeaks has a policy of never revealing its sources, and Assange maintains that policy by refusing to confirm or deny anything. He says, “Perhaps one day the source or sources will step forward and that might be an interesting moment. Some people may have egg on their faces. But to exclude certain actors is to make it easier to find out who our sources are.”

He additionally says that Clinton and other Democratic officials are using the specter of Russian involvement to distract from the content of the emails. “It raises questions about the natural instincts of Clinton that when confronted with a serious domestic political scandal, she tries to blame the Russians, blame the Chinese, et cetera. Because if she does that while in government, it could lead to problems.” (CNN, 7/27/2016)

President Obama is asked if Russia could be behind hacks that led to 20,000 Democratic National Committee (DNC) emails getting released by WikiLeaks. He says the FBI is still investigating but also “experts have attributed this to the Russians.”

He adds, “What we do know is is that the Russians hack our systems. Not just government systems, but private systems. But you know, what the motives were in terms of the leaks, all that — I can’t say directly. What I do know is that Donald Trump has repeatedly expressed admiration for Vladimir Putin.”

Asked if he’s suggesting that Russian leader Vladimir Putin could be motivated to help Trump win the November 2016 election, Obama replies, “I am basing this on what Mr. Trump himself has said. And I think that — Trump’s gotten pretty favorable coverage­­­ — back in Russia.” (Politico, 7/26/2016)

He stops stopped short of accusing Russia of trying to manipulate the election, but says “anything’s possible.” He also claims that “on a regular basis, [the Russians] try to influence elections in Europe.” (The New York Times, 7/26/2016)

Guccifer 2.0 is a hacker who claims he broke into the Democratic National Committtee (DNC) computer network and then gave the emails he found to WikiLeaks. He also claims to be an East European with no connection to Russia.

Threat Connect Logo (Credit: public domain)

However, the cybersecurity research group ThreatConnect claims to have new evidence linking Guccifer 2.0 to an Internet server in Russia and to a digital address that has been linked to previous Russian online scams. They conclude that Guccifer 2.0 is actually an “apparition created under a hasty Russian [denial and deception] campaign” to influence political events in the US.

Their report concludes, “Maintaining a ruse of this nature within both the physical and virtual domains requires believable and verifiable events which do not contradict one another. That is not the case here.” For instance, Guccifer 2.0 claims to have broken into the DNC network in the summer of 2015 using a software flaw that didn’t exist until December 2015.

Furthermore, the Guccier 2.0 entity is “a Russia-controlled platform that can act as a censored hacktivist. Moscow determines what Guccifer 2.0 shares and thus can attempt to selectively impact media coverage, and potentially the election, in a way that ultimately benefits their national objectives.” (The Daily Beast, 7/26/2016)

The Washington Post reports that “Intelligence officials, who spoke on the condition of anonymity to discuss an issue under investigation, said there is little doubt that agents of the Russian government hacked the Democratic National Committee [DNC], and the White House was informed months ago of [Russia’s] culpability.” However, days after WikiLeaks posted almost 20,000 DNC emails, the Post adds, “The intelligence community, the officials said, has not reached a conclusion about who passed the emails to WikiLeaks.”

One unnamed US official says, “We have not drawn any evidentiary connection to any Russian intelligence service and WikiLeaks — none.”

Former NSA Director Keith Alexander says, “Determining with confidence who was behind it — if the Russians were the hackers, seeing them pass that data to WikiLeaks — is probably much more difficult than attributing it to the initial hacker. That’s a tough one — especially because there are different ways of passing that information, not all electronic.”

Furthermore, even if Russia is behind the leaks to WikiLeaks, the motivation is unclear. A key question is if Russia is attempting to influence the November 2016 US presidential election. Michael Hayden, former director of both the NSA and the CIA, states, “Frankly, I don’t think they’re motivated by thinking they can affect the election itself.” He thinks the Russians may be flexing their muscles “to demonstrate that they can — not necessarily to make [Donald] Trump win or Hillary [Clinton] lose.”

Leo Taddeo (Credit: Twitter)

Leo Taddeo, a former FBI agent who worked with cybersecurity operations, says, “This is not [Russian leader Vladimir] Putin trying to help Trump. I think they were messaging Hillary Clinton, telling her that they can get in the way of her election if she doesn’t show some flexibility in her position toward them.”

Representative Adam Schiff (D) believes that if Russia is ultimately responsible, the Obama administration “should make it known publicly and forcefully. Even if they’re not able to lay out the evidence because it would disclose sources and methods, they should make the attribution.” (The Washington Post, 7/27/2016)

Director of National Intelligence James Clapper (Credit: public domain)

Clapper says the US government is not “quite ready yet” to “make a public call” about who is responsible for the hacking on the Democratic National Committee’s (DNC) computer network that resulted in almost 20,000 emails being released by WikiLeaks. However, he hints that one of “the usual suspects” is likely to blame. He also says, “We don’t know enough [yet] to … ascribe a motivation, regardless of who it may have been.”

Yahoo News reports that there is a vigorous debate inside the Obama administration about whether to publicly blame the Russian government for the hacking. One unnamed senior law enforcement official says the Russians are “most probably” involved, but investigation is ongoing.

Clapper is said to be amongst a faction who is resisting publicly blaming the Russians, since it is the kind of activity that intelligence agencies regularly engage in, including the US at times. Clapper also publicly comments, “[I’m] taken aback a bit by … the hyperventilation over this,” He adds in a sarcastic tone, “I’m shocked somebody did some hacking. That’s never happened before.” (Yahoo News, 7/29/2016)

He writes on Twitter, “Democratizing information has never been more vital, and WikiLeaks has helped. But their hostility to even modest curation is a mistake.” Snowden was an NSA contractor, but he has been hiding in Russia to avoid prosecution after exposing illegal surveillance practices by the US government.

On June 22, 2016, Wikileaks released 20,000 Democratic National Committee (DNC) emails. But they didn’t redact names, social security numbers, credit card information, or other personal data. (Raw Story, 7/28/2016)

Later on July 28, 2016, WikiLeaks replies on Twitter with the comment: “@Snowden Opportunism won’t earn you a pardon from Clinton & curation is not censorship of ruling party cash flows.”

When Snowden leaked government documents, he gave them to reporters who made some redactions. Whereas WikiLeaks has seemingly made no redactions at all, as Snowden has pointed out. (The Washington Post, 7/28/2016)

The Daily Beast reports that cybersecurity experts believe the hacker or hackers who stole emails from the DNC (Democratic National Committee) are behind a website known as DCLeaks. The site went public in June 2016 to little media attention. But the site contains emails from hundreds of Republican and Democratic US politicans, including staffers to Republican Senators John McCain and Linsey Graham, plus staffers to former Republican Repesentative Michelle Bachmann. An unnamed “an individual close to the investigation of the Democratic Party hacks” says the evidence is growing that both parties have been targeted. “Everyone is sweating this right now. This isn’t just limited to Democrats.”

The cybersecurity company ThreatConnect has been investigating the recent hacks of US political targets, and they call DCLeaks a “Russian-backed influence outlet.” In particular, they have linked it to Fancy Bear (a.k.a. APT 28), a hacking group also accused of hacking the DNC, an believed by many to be working for the Russian government. “DCLeaks’ registration and hosting information aligns with other Fancy Bear activities and known tactics, techniques, and procedures.” They also claim that the hacker or hacking group known as Guccifer 2.0, who claims to be behind the hacking of the DNC emails that WikiLeaks publicly posted in July 2016, is linked to DCLeaks.
The Daily Beast reports that “researchers, at ThreatConnect and elsewhere, also now believe that Guccifer 2.0 was WikiLeaks’ source and that the group is acting as a front for the Russian government.” (The Daily Beast, 8/12/2016)

Russian President Vladimir Putin says in an interview about accusations of Russian government in the hacking of Democratic National Committee (DNC) emails: “Listen, does it even matter who hacked this data? The important thing is the content that was given to the public …. There’s no need to distract the public’s attention from the essence of the problem by raising some minor issues connected with the search for who did it. … But I want to tell you again, I don’t know anything about it, and on a state level Russia has never done this.”

However, an internal probe conducted by CrowdStrike Inc. traced the source of the hack to two Russian hacking groups connected with Russian intelligence, “Cozy Bear” and “Fancy Bear.”

James Lewis (Credit: public domain)

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, claims that Russia has engaged in state hacking in the past and that Putin’s denials are “not credible.”

Putin continues: “You know how many hackers there are today? They act so delicately and precisely that they can leave their mark — or even the mark of others — at the necessary time and place, camouflaging their activities as that of other hackers from other territories or countries. It’s an extremely difficult thing to check, if it’s even possible to check. At any rate, we definitely don’t do this at a state level.” (Bloomberg News, 9/1/2016)

This is according to an interview with WikiLeaks leader Julian Assange. “We have tens of thousands, possibly as many as a hundred thousand, pages of documents of different types, related to the operations that Hillary Clinton is associated with.”

This WikiLeaks cartoon has been prominently featured on the WikiLeaks website. (Credit: Latuff / WikiLeaks)

WikiLeaks released almost 20,000 Democratic National Committee (DNC) emails just before the July Democratic presidential convention. He says regarding new releases, “There are some, several … in response to the DNC publications, a lot of people have been inspired by the impact, and so they have stepped forward with additional material.”

He adds, “It’s quite a complex business to sort things, to index them, make sure they’re presentable, to see what the top initial angles are that come out. We’re a small shop. We’re here around the clock. We understand quite much the time pressures that people have, and how significant it is to try and get that out. We worked like hell to get the DNC publication out before the DNC, the day before the DNC.”

“I am very confident we’re going to get this material out before, long before, the day of the [November 2016 presidential] election.” (The Washington Examiner, 9/8/2016)

Clinton campaign chair John Podesta says, “Director Comey’s letter refers to emails that have come to light in an unrelated case, but we have no idea what those emails are and the director himself notes they may not even be significant. … It is extraordinary that we would see something like this just 11 days out from a presidential election.”

Donna Brazile, interim chair of the Democratic National Committee (DNC), says, “The FBI has a solemn obligation to remain neutral in political matters — even the faintest appearance of using the agency’s power to influence our election is deeply troubling.”

Senator Dianne Feinstein (D), says, “This is particularly troubling since so many questions are unanswered. … It’s unclear whether these emails have already been reviewed or if Secretary Clinton sent or received them. In fact, we don’t even know if the FBI has these emails in its possession.” (The New York Times, 10/28/2016)